Write scripts (Python, SQL, APIs) to pull evidence directly from source systems (AWS, Azure, IAM platforms, endpoint agents, CI/CD pipelines), eliminating manual evidence collection
Build and maintain continuous control monitoring workflows integrated into engineering pipelines, not just GRC platforms
Design compliance-as-code and policy-as-code approaches; own the technical architecture of how controls are tested automatically
Operate and extend the GRC platform (ServiceNow GRC, Drata, OneTrust, or equivalent) as an engineer, not just a user, including building integrations and automating evidence routing
Build and maintain Lantern’s AI risk register and AI systems inventory, including pre-deployment risk assessments for new AI use cases across our benefits platform in partnership with Engineering and Product
Implement AI governance controls aligned to the NIST AI RMF, covering model risk, bias, transparency, and accountability, with a bias toward automated monitoring over manual review
Monitor HHS AI policy, EU AI Act, and state-level regulation; translate emerging requirements into actionable, automatable controls
Govern AI systems used within the GRC function itself, including any LLM-powered evidence analysis or control monitoring tools
Own the HIPAA Privacy and Security compliance program: risk assessments, remediation tracking, workforce training coordination, and ongoing monitoring
Support HITRUST CSF certification and SOC 2 Type II audit cycles as a technical contributor, building automated evidence pipelines rather than collecting evidence manually
Map the control environment against NIST CSF; identify gaps and build a prioritized, automatable remediation roadmap
Build and maintain the enterprise risk register with automated KRI tracking and outcome-based reporting for leadership
Run the third-party risk management (TPRM) program with a continuous monitoring posture: automated vendor monitoring rather than point-in-time assessments
Conduct vendor risk assessments with emphasis on cloud vendors handling PHI and AI/ML vendors embedding models into products we purchase
Requirements
5+ years in GRC, information security, or compliance engineering, with at least 3 years in healthcare or health-tech
Demonstrated ability to write code that extracts evidence directly from systems (Azure, IAM, endpoints, APIs), not just configure workflow tools
Has built something using an LLM or AI framework: a working tool, even a prototype
Thinks like an engineer first: sees a manual compliance process and asks how to eliminate it, not how to document it better